1 / 33

Cryptocurrency Café UVa cs4501 Spring 2015 David Evans

Class 12: Mostly About Superfish. Cryptocurrency Café UVa cs4501 Spring 2015 David Evans. Image from http ://www.theregister.co.uk/2015/02/22/lenovo_superfish_removal_tool / (but I think they stole it from Monsters and Aliens). Plan for Today. Difficulty Update Project 2: Part 2

timothycarman
Download Presentation

Cryptocurrency Café UVa cs4501 Spring 2015 David Evans

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Class 12: Mostly About Superfish Cryptocurrency Café UVa cs4501 Spring 2015 David Evans Image from http://www.theregister.co.uk/2015/02/22/lenovo_superfish_removal_tool/ (but I think they stole it from Monsters and Aliens)

  2. Plan for Today Difficulty Update Project 2: Part 2 Superfish Calamity! (Attacks on Blockchain)

  3. Last Class: Profitability (?) of SP20 >> cumulative_income(1) 79.12571644571238 >>> cumulative_income(12) 571.0928818228372 >>> cumulative_income(24) 562.7786595271843 >>> cumulative_income(17) 619.9072133191279

  4. https://bitcoinwisdom.com/bitcoin/difficulty

  5. Old difficulty: difficulty = 46684376317 # updated 22 Feb 2015 # 44455415962 # from https://blockchain.info/stats, 15 Feb 2015 # this is a very low assumption - over past year, average rate was 0.35 rate_of_difficulty = 0.05 … defcumulative_income(months): income = 0.0 month = 0 while month < months: income += expected_income(month) month += 1 return income >> cumulative_income(1) 79.12571644571238 >>> cumulative_income(12) 571.0928818228372 >>> cumulative_income(17) 619.9072133191279 Note: actual increase since Jan 29: 0.13 New difficulty: >>> cumulative_income(1) 72.41808586293124 >>> cumulative_income(12) 508.6688931963315 >>> cumulative_income(16) 540.5796294385948 >>> cumulative_income(17) 540.5038281854024

  6. Old difficulty: difficulty = 46684376317 # updated 22 Feb 2015 # 44455415962 # from https://blockchain.info/stats, 15 Feb 2015 # this is a very low assumption - over past year, average rate was 0.35 rate_of_difficulty = 0.13 … defcumulative_income(months): income = 0.0 month = 0 while month < months: income += expected_income(month) month += 1 return income >> cumulative_income(1) 79.12571644571238 >>> cumulative_income(12) 571.0928818228372 >>> cumulative_income(17) 619.9072133191279 Note: actual increase since Jan 29: 0.13 New difficulty: >>> cumulative_income(1) 72.41808586293124 >>> cumulative_income(12) 508.6688931963315 >>> cumulative_income(16) 540.5796294385948 >>> cumulative_income(17) 540.5038281854024 At 13%: >>> cumulative_income(1) 72.41808586293124 >>> cumulative_income(7) 239.03863987346259 >>> cumulative_income(8) 234.54128929077427

  7. from Feb 18 (Class 11):

  8. from Feb 18 (Class 11): this morning (Feb 23):

  9. PointCoin Difficulty

  10. Project 2 Part 2 starts after class today Understand threats to the blockchain Attack the PointCoin network

  11. Rules • The blockchain reported by http://blockexplorer.bitcoin-class.org/ is the blockchain that matters (if that node is taken down, the definitive blockchain will be one taken from the course staff nodes) • You may not use any active computing power for mining other than your EC2 nodes • You may not misuse any University resources • You may not do anything that violates Amazon’s acceptable use policy (http://aws.amazon.com/aup/)

  12. Opportunities • Collusion is permitted (indeed, encouraged!) • You should have mutual distrust for your classmates (just for this assignment!) • If you join a mining pool, it is encouraged that you (attempt to) deceive the pool operator (or other pools) to gain an advantage • If you operate a mining pool, fine to attempt to cheat pool members

  13. Do Something Else! • Posted Project 2 / Part 2 is the default. • I hope some students will do other things! • Alternatives: • Build a PointCoin exchange • Use scripts in interesting ways • Build naming service using PointCoin • … If you have an idea for something different to do, let me know.

  14. What Happened with Lenovo?

  15. https://www.google.com/#q=chair

  16. SSL (Secure Sockets Layer) Client Server Hello KRCA[Server Identity, KUS] Verify Certificate using KUCA Check identity matches URL Generate random K DecryptusingKRS EKUS(K) Secure channel using K Simplified TLS Handshake Protocol

  17. SSL (Secure Sockets Layer) Client Server Hello KRCA[Server Identity, KUS] Verify Certificate using KUCA Check identity matches URL Generate random K How did client get KUCA? DecryptusingKRS EKUS(K) Secure channel using K Simplified TLS Handshake Protocol

  18. Certificates How does VarySign decide if it should give certificate to requester? VarySign.com petitions.gov, KUPetitions CP= KRVarySign[“petitions.gov”, KUPetitions] TJ CP Verifies using KUVarySign Petitions

  19. $399 $1499 for 1 year

  20. How could SuperFish insert ads in SSL traffic?

  21. Reminder: do not launch DDOS attacks on PointCoin!

  22. Internet explorer connects to a web server on port 443 using SSL. The data is encrypted. • Komodia’sSSL hijacker intercepts the communication and redirects it to Komodia’s Redirector. The channel between the SSL hijacker and the Redirector is encrypted. • At this stage, Komodia’s Redirector can shape the traffic, block it, or redirect it to another website. • Communication between the Redirector and the website is encrypted using SSL. • All data received from the website can be again modified and/or blocked. When data manipulation is done, it is forwarded again to Internet explorer. • The browser displays the SSL lock, and the session will not display any “Certificate warnings”. http://www.komodia.com/products/komodias-ssl-decoderdigestor (in archive.org)

  23. SSL (Secure Sockets Layer) Client Server Hello KRCA[Server Identity, KUS] Verify Certificate using KUCA Check identity matches URL Generate random K DecryptusingKRS EKUS(K) Secure channel using K Simplified TLS Handshake Protocol

  24. Charge Project 2 Part 2: Starts Now Due Thursday 5 March Quiz Wednesday

More Related